YD/T 4594-2023
Cyberspace security simulation test environment isolation requirements (English Version)

Standard No.: YD/T 4594-2023
Language: Chinese, Available in English version
Release Date: 2023
Published By: Professional Standard - Post and Telecommunication CN / YD
Latest: YD/T 4594-2023

Introduction

Interpretation of the standard framework

Technical dimensions   | Isolation requirements                   | Implementation points
-----------------------|------------------------------------------|--------------------------------------------------------------------
Network isolation      | Logical isolation + address isolation    | RFC 1918 dedicated address space allocation needs to be implemented
Virtual node isolation | Meet GB/T 35293-2017                     | Memory/storage access control + fault isolation
Data isolation         | Out-of-band management + storage clearing | Physical/logical dual storage control

Analysis of key technologies

Implementation of network isolation

The standard requires the use of dual mechanisms of address isolation and interconnection isolation:

  • Each test environment is independently allocated a private address space defined in RFC 1918
  • Virtual network technology is used to implement broadcast domain isolation (such as VXLAN or NVGRE)
  • Bandwidth resources need to be hard-isolated through the QoS mechanism
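
An added example, not taken from the standard or from this page's source: a pre-deployment check for the address-isolation point above, confirming that every test environment's prefixes sit inside RFC 1918 space and that no two environments share address space. Reading "independently allocated" as "non-overlapping" is an assumption of this example, and the environment names and prefixes are constructed.

```python
import ipaddress
from itertools import combinations

# The three private IPv4 blocks defined in RFC 1918.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_allocations(allocations):
    """Return sorted findings for a {env_name: [cidr, ...]} address plan.

    Flags (a) malformed prefixes, (b) prefixes not contained in an
    RFC 1918 block, (c) prefixes that overlap between two environments.
    """
    findings, parsed = [], {}
    for env, cidrs in allocations.items():
        parsed[env] = []
        for cidr in cidrs:
            try:
                # strict=True rejects host bits, e.g. 10.1.0.5/16
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append(f"{env}: invalid prefix {cidr}")
                continue
            if net.version != 4 or not any(net.subnet_of(b) for b in RFC1918_BLOCKS):
                findings.append(f"{env}: {net} is outside RFC 1918 space")
            parsed[env].append(net)
    # Compare every pair of environments once.
    for (env_a, nets_a), (env_b, nets_b) in combinations(sorted(parsed.items()), 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    findings.append(f"{env_a}/{env_b}: {a} overlaps {b}")
    return sorted(findings)


# Constructed sample plan; names and prefixes are illustrative only.
SAMPLE_PLAN = {
    "range-a": ["10.10.0.0/16"],
    "range-b": ["10.10.128.0/17", "172.20.0.0/24"],  # first prefix overlaps range-a
    "range-c": ["172.32.0.0/16"],                    # just past 172.16.0.0/12
    "range-d": ["192.168.50.0/24"],
}

if __name__ == "__main__":
    for finding in audit_allocations(SAMPLE_PLAN):
        print(finding)
```
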

Virtual node isolation case

A cloud security laboratory uses the Kubernetes + gVisor solution to implement:

  1. Isolate computing resources through namespaces
  2. Use a secure container runtime to protect memory boundaries
  3. Pull the image through the out-of-band network before deployment (reducing bandwidth usage by 30% on average)

Analysis of standard evolution

Compared with GB/T 31168-2014, this standard adds:

  • Specific isolation requirements for the test environment (such as 5.2.e prohibiting Internet connection)
  • Mandatory specifications for out-of-band management (Chapter 6 encryption authentication requirements)
  • Virtual node fault domain isolation (Clause 7.i)

Implementation recommendations

Construction phase

  1. Select physical servers that support SR-IOV
  2. Deploy software-defined network (SDN) controllers
  3. Configure a dedicated VLAN for out-of-band management

Operation and maintenance phase

  1. Regularly verify the effectiveness of the isolation strategy (quarterly penetration testing is recommended)
  2. Establish an image signature verification process
  3. Implement storage media degaussing procedures

YD/T 4594-2023 Referenced Documents

  • GB/T 31168-2014 Information security technology. Security capability requirements of cloud computing services
  • GB/T 35293-2017 Information technology—Cloud computing—General technical requirements of virtual machine management

YD/T 4594-2023 history

  • 2023 YD/T 4594-2023 Cyberspace security simulation test environment isolation requirements

Update: Mon, 08 Jun 2026 15:37:30 +0000